[Buildroot] [PATCH] package/glibc: bump version for post-2.30 security fixes

Peter Korsgaard peter at korsgaard.com
Mon Dec 23 09:27:28 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security vulnerability:
 > - CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
 >   environment variable during program execution after a security
 >   transition, allowing local attackers to restrict the possible mapping
 >   addresses for loaded libraries and thus bypass ASLR for a setuid
 >   program.  Reported by Marcin Kościelnicki.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.11.x, thanks.

For 2019.02.x I will instead bump the 2.28.x version for the same fix.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list